Background

In the recent years we have seen more and more abuses of communication networks like the Internet: phishing has developed to an immense threat in 2005, bots propagate with the help of webservers, and malicious websites try to exploit vulnerabilities in webbrowsers. Up to now, there is no comprehensive database to study the attacks found in the wild. With projects like McAfee Site Advisor or HoneyMonkey, there exist several solutions to collect more information about current threats on the Internet. However, none of these solutions is available for download.

Task

The thesis focuses on building an easy-to-use infrastructure to monitor and archive malicious websites. In a first step, a crawler collects resources from different parts of the Internet. Afterwards, the collected data is checked with different antivirus-solutions. This can be done with the help of a database that stores and continuously monitors these websites. In addition, DNS changes and other things have to be monitored. The resulting database can help in regression tests for tools like honeyclient, client-side honeypots, or similar tools.

In addition, the infrastructure should be a general framework that also enables storing of malicious binaries or other tools found during investigations.

Further Information

Thesis: "Monkey-Spider: Detecting Malicious Web Sites" (1.6 MB)

Software: http://monkeyspider.sourceforge.net/